Payment terminals including point of sale (POS) terminals, Automated Teller Machine (ATM) terminals, Automated Fuel Dispensers, and so on, allow financial transactions to be made using a plastic card such as a credit card, debit card, ATM card, smart card, or the like, issued to a cardholder. Typically, payment terminals are PIN entry devices (PED) that comprise a keypad to facilitate entry of a personal identification number (PIN) of the cardholder. The PIN is a numeric password entered by the cardholder on the payment terminal to authenticate the cardholder (by the card or by the issuer server). Thus, for example, a cardholder may enter a 4-digit PIN to authenticate his or her identity after using his or her credit card to make a purchase using a POS terminal.
Increasingly, payment terminals are subjected to physical attacks to obtain the PINs of cardholders who use the terminal. In one type of attack, the keypad of the payment terminal is penetrated (e.g., accessed or opened) and one or more small sensors, generally referred to as “bugs,” are inserted beneath the keys. When a PIN is entered by a cardholder using the keypad, the bugs detect the key presses made by the cardholder and cause the PIN to be recorded. The PIN may then be used by the attacker or sold to a third party to access the cardholder's account data. Consequently, the Payment Card Industry (PCI) Security Standards Counsel has implemented a certification known as PCI-PTS PED (Payment Card Industry-Payment Terminal Security PIN entry device) certification for PEDs used in payment terminals so that the payment terminals may be made more resistant to such attacks.